There now exists an official workaround for this as of Docker for Mac >= 2.2.0.0.
REF: File system sharing (osxfs) | Docker Documentation
The solution involves using a "magic path" specifically for SSH_AUTH_SOCK: /run/host-services/ssh-auth.sock
Mount this special path into the container via docker run args:
SSH_AUTH_SOCK_MAGIC_PATH='/run/host-services/ssh-auth.sock'
docker run -ti -v ${SSH_AUTH_SOCK_MAGIC_PATH}:${SSH_AUTH_SOCK_MAGIC_PATH} \
-e SSH_AUTH_SOCK=${SSH_AUTH_SOCK_MAGIC_PATH} \
some-container/needing-ssh-agent
Note that this does not resolve the main issue of mounting arbitrary Unix sockets into a container. At least it works for ssh-agent / SSH_AUTH_SOCK!
So, this fix does not help when setting up a reverse web proxy to a Unix socket in the container (as mentioned above).
See also: Support for sharing unix sockets . Issue #483 . docker/for-mac . GitHub